Vahagn Vardanian

Co-founder and CTO of RedRays

Security Note Cross-Site Scripting Vulnerab. in UDDI Client, SAP security note 1322098

Description

This security note addresses a Cross-Site Scripting vulnerability in the UDDI Client. The UDDI Client is part of NetWeaver Application Server Java (AS Java) and is therefore included in several other NetWeaver components, such as the Exchange Infrastructure. The affected versions are 640, 700 and 701.

The UDDI Client is a tool that implements the Universal Description Discovery and Integration (UDDI) functions based on the UDDI v2.0 specification. It starts automatically when it is accessed and can be reached via the URL http://<host>:<port>/uddiclient.

For more information on the UDDI Client, see the SAP Documentation at http://help.sap.com/saphelp_nw70/helpdata/en/fe/0cb6f543994cd08bbbc6e0f22023e0/frameset.htm or search http://help.sap.com for “UDDI Client”.

For customers using the UDDI Client.
Affected versions: NetWeaver J2EE Engine 640/700/701
Fixed versions: NetWeaver J2EE Engine
640 – SP25
700 – SP20
701 – SP05
702 – fix is available in its first release
710 – not relevant
711 – not relevant
720 – not relevant
Where to get: Download the latest SP from SAP Service Marketplace

Available fix and Supported packages

  • SAP_JTECHS | 6.40 | 6.40
  • SAP_JTECHS | 7.00 | 7.02
  • SAP JAVA TECH SERVICES 6.40 | SP025 | 000000
  • SAP JAVA TECH SERVICES 7.00 | SP014 | 000026
  • SAP JAVA TECH SERVICES 7.00 | SP017 | 000011
  • SAP JAVA TECH SERVICES 7.00 | SP018 | 000011
  • SAP JAVA TECH SERVICES 7.00 | SP019 | 000005
  • SAP JAVA TECH SERVICES 7.00 | SP020 | 000000
  • SAP JAVA TECH SERVICES 7.01 | SP003 | 000009
  • SAP JAVA TECH SERVICES 7.01 | SP004 | 000012
  • SAP JAVA TECH SERVICES 7.01 | SP005 | 000000
  • SAP JAVA TECH SERVICES 7.02 | SP002 | 000000

Affected component

    BC-ESI-UDDI
    UDDI Server

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1322098

TAGS

#uddiclient
#UDDI
#security
#cross-site-scripting
#Exchange-Infrastructure
#Process-Integration
#XSS
